
Port Relay (ip nat outside)

florian.pipper
Level 1

Hello,

I have a neat little problem with NAT.

Since yesterday we're using an external mail server for our company. (Small office network)

We collect our mails from mailserver:587

Additionally we have a copying machine with a mail-server function. I can configure the mail-server IP address in the copying machine, but not the port. The machine is using the default port 25 for sending. So the problem is, I can't configure port 587.

Fortunately we have a Cisco Router connecting our inside network with the internet via DSL.

Our inside addresses are nat'ed with our public address.

Now here's the question:

Can I use my Router to translate the port, when it's trying to fetch the mails from the wrong port?

I tried using "ip nat outside source static tcp  external_mail-server-ip 587 router-ip 25"

and told my copying machine the mail-server address was the ip-address of my Router, but it didn't work.

Any thoughts?

6 Replies

lgijssel
Level 9

You are lucky indeed to have a cisco router.

To configure this, you must realize the sender is on the inside so you need to translate from inside to outside.

A static mapping is required but the destination for the mailserver can be any address.

You can probably use a dummy like below:

ip nat inside source static tcp 1.1.1.1 25 ext-mailserver 587

The link to refer to is this one:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml#topic9

regards,

Leo

Hello,

first of all, thanks for your help. The document gave me the right direction.

So the solution is quite simple.

I just configured a:

ip nat outside source static tcp ext-mail-server 587 ext-mail-server 25 (route-map SCANNER)


So if my copying machine is trying to send mails over port 25 it gets redirected to port 587.

Additionally I added a route map (stating only my copying machine is nat'ed), so that every other device can access the ext-mail-server over port 25. (Maybe needed in future).


Thanks again.

Regards,

Florian
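
The translation Florian describes, as a small Python model (an added example, not part of the thread and not router code). The addresses are constructed, the route-map is modelled as a set of matched inside hosts, and the inside-address overload is left out.

```python
from dataclasses import dataclass, replace

# Constructed addresses (documentation / private ranges), not from the thread.
MAIL_SERVER = "203.0.113.10"   # stands in for ext-mail-server
SCANNER = "192.168.1.50"       # copying machine, the only host the route-map matches
WORKSTATION = "192.168.1.20"   # any other inside host

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class OutsideStaticTcp:
    """ip nat outside source static tcp <global-ip> <global-port> <local-ip> <local-port>"""
    global_ip: str
    global_port: int
    local_ip: str
    local_port: int
    match_inside: frozenset    # assumption: hosts permitted by route-map SCANNER

    def inside_to_outside(self, p):
        # Destination is rewritten from outside-local to outside-global,
        # but only for inside hosts the route-map matches.
        if p.src in self.match_inside and (p.dst, p.dport) == (self.local_ip, self.local_port):
            return replace(p, dst=self.global_ip, dport=self.global_port)
        return p

    def outside_to_inside(self, p):
        # Return traffic: source is rewritten from outside-global back to outside-local.
        if p.dst in self.match_inside and (p.src, p.sport) == (self.global_ip, self.global_port):
            return replace(p, src=self.local_ip, sport=self.local_port)
        return p

# The thread's rule: the server is really on 587 and is presented to the scanner on 25.
RULE = OutsideStaticTcp(MAIL_SERVER, 587, MAIL_SERVER, 25, frozenset({SCANNER}))

def round_trip(host, client_port=40000):
    """Return (packet as sent towards the server, reply as the inside host sees it)."""
    out = RULE.inside_to_outside(Packet(host, client_port, MAIL_SERVER, 25))
    reply = RULE.outside_to_inside(Packet(out.dst, out.dport, host, client_port))
    return out, reply
```

In this model the scanner's connection to port 25 leaves towards port 587 and its replies come back as port 25, while a workstation's sessions to either port pass through unchanged.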

Glad to be of assistance.

Thank you also for not rating any posts.

regards,

Leo

Ganesh Hariharan
VIP Alumni

Hi,

Check out the document on NATting and port redirection in Cisco,

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

Hi Ganesh,

Funny that we both drew the same conclusions regarding this problem.

Also typical that we both posted the same document about nat as an aid to find the solution.

I am sure this will be of much help to the topic starter!

regards,

Leo

Hi all,

Please, I need assistance from you guys. I know that this thread is a bit old now, but it is not too late to still discuss it.

I have a customer with a crazy network design. Here is the design description: the network has the following devices connected. A PoE switch connects the LAN. The PoE switch is connected to a firewall (Cyberoam). The Cyberoam has one interface connected to the LAN switch (PoE), another interface to the DMZ on a 2960 switch, and a third interface to a VLAN on another 2960 switch as WAN. The second 2960 switch also has another VLAN for the Internet segment. A 1721 router with just one FastEthernet interface is doing inter-VLAN routing for the Cyberoam WAN leg VLAN and the Internet VLAN.

The firewall is already doing NAT for the MAIL server, Lync Edge server and some other resources. But now I need to configure NAT on the 1721 router to allow those resources to go out to the internet with their respective public IPs and the interface IP for browsing. Browsing is the only thing that is not NATed on the firewall.

I have configured the router with both static NAT for the resources with their public IPs and I configured the overload on the interface IP. Presently the LAN users can get to the internet but the static NAT is not working yet.

NOTE: the static mappings are for the DMZ segment.

I noticed that if I had the DMZ subnet in the access-list statement of the overload that is permitting the LAN computers to browse, the DMZ servers could also browse, but they will not be reached from outside with their public IPs.

Do I need to remove the nat on the firewall so that the router will do the translation?

If removing nat on the firewall is not necessary, how do I go about the configuration on the Cisco router?

Any help on this will be greatly appreciated.

Thanks in advance.